Issued:: 2025-12-09
Updated:: 2025-12-09

RHSA-2025:22944 - Red Hat OpenShift Service Mesh 3.1.4

Synopsis

Red Hat OpenShift Service Mesh 3.1.4

Type/Severity

Security Advisory Low

Topic

Red Hat OpenShift Service Mesh 3.1.4

Description

Red Hat OpenShift Service Mesh 3.1.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.

Fixes/Improvements:

Updated to Istio version 1.26.6

Security Fix(es):

istio-proxyv2-rhel9: AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections (CVE-2025-53643)

Solution

See Red Hat OpenShift Service Mesh 3.1.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1

Affected Products

Product	Version	Arch
Red Hat OpenShift Service Mesh	3.1	x86_64

Fixes

(none)

CVEs

(none)

References

https://access.redhat.com/security/cve/CVE-2025-53643

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.